Hi,
I’m facing some strange issues with Auth0 integration for my frontend app (Angular 7+) and backend (node.js express). I have followed the quick start guides Auth0 Angular SDK Quickstarts: Login for frontend and Auth0 Node (Express) API SDK Quickstarts: Authorization for backend.
This is what I did:
- Created an app under ‘Applications’ (named it ABC)
- By default Application type was ‘Single Page Application’
- Followed the integration guide for Angular and it went well. That is, I could log in from the frontend, and renewal of the token works fine even on page reload.
- Headed to integrate with the node.js Express framework. I followed the above doc for the backend. In this process, I had to create a new API under the ‘APIs’ section of the dashboard (named it API123).
- Added the middleware -
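```javascript
// Imports as used by the Express quickstart this middleware comes from
const jwt = require('express-jwt');
const jwksRsa = require('jwks-rsa');

const jwtCheck = jwt({
  // Fetch the tenant's signing keys from its JWKS endpoint (cached, rate limited)
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://xxx.auth0.com/.well-known/jwks.json'
  }),
  // Value the token's `aud` claim must match
  audience: process.env.AUTH0_CLIENTID,
  issuer: 'https://xxx.auth0.com/',
  algorithms: [ 'RS256' ]
});
```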
Here, `process.env.AUTH0_CLIENTID` was initially taken from my newly created API client ID (API123). But for some reason, when it hit the endpoint with the middleware, it was giving an error saying ‘expected audience xxxx’. After searching on the internet, I had to replace my `process.env.AUTH0_CLIENTID` in the backend with the Client Id of the App (ABC) created for my frontend, change the ‘Application Type’ of the App ABC to ‘Regular Web Application’, and change ‘Token Endpoint Authentication Method’ to ‘Post’. This solved the problem.
BUT…
For some reason, randomly on all browsers (including mobile), when I navigate to a protected route using the node.js express middleware, I get a 504 nginx error and that particular protected route does not return any data. Also, randomly after a successful login from the frontend, when I refresh or navigate to a protected route, it throws an error saying `Login required`, and I suspect that `this.auth0.checkSession` (renewTokens) is failing.
Not sure if I have made my issue clear; if not, please ask me and I’ll elaborate more.
Here’s my full setup for frontend and backend -
Frontend
```javascript
auth0 = new auth0.WebAuth({
  clientID: 'GiElfXNsIbScO4d5JI7iH6EoOU39HbjP',
  domain: 'xxx.auth0.com', // comma was missing here in the pasted snippet
  responseType: 'token id_token',
  redirectUri: 'https://domain.com/auth0/callback'
});
```
Backend
```javascript
const jwtCheck = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://xxx.auth0.com/.well-known/jwks.json'
  }),
  audience: 'GiElfXNsIbScO4d5JI7iH6EoOU39HbjP',
  issuer: 'https://xxx.auth0.com/',
  algorithms: [ 'RS256' ]
});
```
Also, I’m making use of Management API to delete a user and it works well - here’s the code
Management API
```javascript
const ManagementClient = require('auth0').ManagementClient;

const auth0 = {
  // Build a Management API client for the tenant
  initManagementAPI: () => {
    return new ManagementClient({
      domain: 'xxx.auth0.com',
      clientId: 'GiElfXNsIbScO4d5JI7iH6EoOU39HbjP',
      clientSecret: AUTH0_CLIENT_SECRET, // defined elsewhere (not shown in the post)
      audience: 'https://xxx.auth0.com/api/v2/',
      scope: 'read:users'
    });
  },
  // Delete the user with the given id; resolves with { user }
  deleteUser: (id) => {
    return new Promise((resolve, reject) => {
      auth0.initManagementAPI().deleteUser({ id: id })
        .then((user) => {
          resolve({ user: user });
        })
        .catch((error) => {
          reject(error);
        });
    });
  }
};

module.exports = auth0;
```
Any help much appreciated!
~Neeraj
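
The audience error described in the post depends on which `aud` value a token carries compared with the middleware's `audience` option: an OpenID Connect ID token carries the client ID in `aud`, while an access token issued for an API carries that API's identifier. As an added example (not code from the post or from Auth0), this Node.js helper inspects a token's claims for diagnosis only; `API_IDENTIFIER`, the helper names and the unsigned sample tokens are assumptions constructed for illustration.

```javascript
// Added example: sample tokens below are constructed and unsigned; diagnosis only.
// API_IDENTIFIER is a hypothetical placeholder; CLIENT_ID is the value from the post.
const CLIENT_ID = 'GiElfXNsIbScO4d5JI7iH6EoOU39HbjP';
const API_IDENTIFIER = 'https://api.example.test/'; // hypothetical API identifier

const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Build an unsigned three-part token for the demo (a real verifier rejects it).
const fakeJwt = (claims) =>
  [b64url({ alg: 'RS256', typ: 'JWT' }), b64url(claims), 'constructed-signature'].join('.');

// Decode the payload WITHOUT verifying it. Returns null for opaque (non-JWT) tokens.
function peekClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const json = Buffer.from(parts[1].replace(/-/g, '+').replace(/_/g, '/'), 'base64');
    return JSON.parse(json.toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Report how an audience check configured with `expected` would treat the token.
function diagnoseAudience(token, expected) {
  const claims = peekClaims(token);
  if (!claims) return 'opaque-token';            // cannot be validated as a JWT at all
  const aud = [].concat(claims.aud || []);       // aud may be a string or an array
  if (aud.includes(expected)) return 'audience-ok';
  return aud.includes(CLIENT_ID) ? 'id-token-sent-to-api' : 'audience-mismatch';
}

const idToken = fakeJwt({ iss: 'https://xxx.auth0.com/', aud: CLIENT_ID, sub: 'auth0|constructed' });
const accessToken = fakeJwt({
  iss: 'https://xxx.auth0.com/',
  aud: [API_IDENTIFIER, 'https://xxx.auth0.com/userinfo'],
  sub: 'auth0|constructed',
});

console.log(diagnoseAudience(idToken, API_IDENTIFIER));
console.log(diagnoseAudience(accessToken, API_IDENTIFIER));
console.log(diagnoseAudience(accessToken, CLIENT_ID));
console.log(diagnoseAudience('opaque-access-token', API_IDENTIFIER));
```

The decoded claims are not trusted here; signature, issuer and audience verification remain the job of the `jwtCheck` middleware.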